expire function

David Shaw dshaw at jabberwocky.com
Mon Dec 20 17:39:31 CET 2004

On Mon, Dec 20, 2004 at 02:12:21PM +0000, Neil Williams wrote:
> On Monday 20 December 2004 12:43 pm, Michael Kirchner wrote:
> > Perhaps you might enlighten me: is there an special security problem
> > connected to a yearly expire and reissuing of my keys?
> You lose all your signatures and therefore trust.
> One alternative is to issue a unlimited expiry main key with a
> subkey that expires. You need to then use updated keyservers and
> you'll get people asking why they cannot get/use your key.

Ah, what a perfect opening to talk about the new 1.4 features to help
with the keyserver problem!

1.4 has the ability to embed a URL in a key or signature to tell
people which keyserver the key owner prefers to keep his key on.  The
URL can even be a web page or finger file so people don't even have to
use keyservers at all.

I'll send a longer writeup to this list.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 250 bytes
Desc: not available
Url : /pipermail/attachments/20041220/0c633442/attachment.bin

More information about the Gnupg-users mailing list